Full Disclosure mailing list archives

Re: Port scanning /0 using insecure embedded devices


From: Gage Bystrom <themadichib0d () gmail com>
Date: Wed, 27 Mar 2013 14:34:04 -0700

I think it's simply a case of everyone more or less knew this was possible
and quite easy to pull off, just no one publicly bothered to get around to
doing it till now. After all, it's just a large mass of low hanging fruit
compromised to gather data. I'm more impressed by how they aggregated said
data together without leaving a nasty trail. Of course I'm giving them the
benefit of the doubt that they covered their tracks reasonably or have some
sort of means to not worry about law enforcement.

On Mar 26, 2013 8:23 PM, "Stefan Jon Silverman" <sjs () sjsinc com> wrote:

 Was really surprised that outside of Vladis's comment on feeding the
BlackHats this provoked no further discussion...w/in a few minutes of it
arriving I had fired off a forward to several colleagues w/ the comment
that it should provoke an interesting discussion here on the sheer number
of compromised devices to accomplish his goal....dead air....oh well,
sometimes sh*t happens and sometimes it doesn't...

Until this ended up in an eNewsRag in my inbox today (good read): "*The
Dark Side of the Internet of Things*" -->
http://www.networkcomputing.com/next-generation-data-center/servers/the-dark-side-of-the-internet-of-things/240151608


 Regards,
Stefan

**************************************************************************
Stefan Jon Silverman - Founder / President
SJS Associates, N.A., Inc.
A Technology Strategy Consultancy
**************************************************************************
Cell: 917 929 1668    eMail: sjs () sjsinc com
www.sjsinc.com
**************************************************************************
Aim/Skype/GoogleIM: LazloInSF    Twitter/Yahoo: sjs_sf
**************************************************************************
Weebles wobble but they don't fall down!!!!
**************************************************************************

 On 3/17/2013 4:54 PM, internet census wrote:

---------------------  Internet Census 2012  ---------------------

-------- Port scanning /0 using insecure embedded devices --------

-------------------------  Carna Botnet  -------------------------


While playing around with the Nmap Scripting Engine we discovered an amazing
number of open embedded devices on the Internet. Many of them are based on
Linux and allow login to standard BusyBox with empty or default credentials.
From March to December 2012 we used ~420 Thousand insecure embedded devices
as a distributed port scanner to scan all IPv4 addresses.
These scans include service probes for the most common ports, ICMP ping,
reverse DNS and SYN scans. We analyzed some of the data to get an estimation
of the IP address usage.

All data gathered during our research is released into the public domain for
further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ
and is available via BitTorrent. The dataset contains:
- 52 billion ICMP ping probes
- 10.5 billion reverse DNS records
- 180 billion service probe records
- 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested
- 80 million TCP/IP fingerprints
- 75 million IP ID sequence records
- 68 million traceroute records


This project is, to our knowledge, the largest and most comprehensive
IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012
may have been the last time a census like this was possible. Full documentation,
including statistics and images, can be found on the project page.

We hope other researchers will find the data we have collected useful and that
this publication will help raise some awareness that, while everybody is talking
about high class exploits and cyberwar, four simple stupid default telnet
passwords can give you access to hundreds of thousands of consumer as well as
tens of thousands of industrial devices all over the world.

No devices were harmed during this experiment and our botnet has now ceased its
activity.



Project Page:
 http://internetcensus2012.bitbucket.org/
 http://internetcensus2012.github.com/InternetCensus2012/
 http://census2012.sourceforge.net/

Torrent MAGNET LINK:
 
magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


